예제 #1
def tinc_stage3_routing():
    """Point this host's tinc config at every other server in the mesh.

    For each entry in ``metadata.servers`` except ``env.host_string``:

    * append a ``ConnectTo = <server>`` stanza to ``tinc.conf``;
    * append a route stanza to ``tinc-up`` that sends the peer's docker
      network (first address and netmask of its ``dockernet`` CIDR) via
      ``<vpn_base>.<idx[server]>``.

    Both appends are unconditional, so running the task again adds the same
    stanzas a second time.

    The metadata values are substituted unescaped into double-quoted shell
    assignments inside ``tinc-up``, a script tinc runs when the VPN interface
    comes up. The metadata source therefore has to be as trusted as the
    account that deploys it.
    """
    for peer in sorted(metadata.servers):
        # A node neither connects to nor routes through itself.
        if peer == env.host_string:
            continue

        tinc_conf_path = "/etc/tinc/%s/tinc.conf" % metadata.config["domain"]
        connect_stanza = """
ConnectTo = %s
""" % peer
        cuisine.file_append(tinc_conf_path, connect_stanza)

        tinc_up_path = "/etc/tinc/%s/tinc-up" % metadata.config["domain"]
        route_values = (
            peer,
            metadata.config["vpn_base"],
            CIDR(metadata.servers[peer]["dockernet"])[0],
            metadata.config["idx"][peer],
            CIDR(metadata.servers[peer]["dockernet"]).netmask,
        )
        # NOTE(review): the stanza uses `[[ ... ]]`, which needs bash; the
        # tinc-up shebang is not visible here - confirm.
        route_stanza = """
#
# tinc routing configuration: forward packets for the docker network ips on server %s
#
VPN_BASE="%s"
NET="%s"
GW="${VPN_BASE}.%s"
NETMASK="%s"

if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % route_values
        cuisine.file_append(tinc_up_path, route_stanza)
예제 #2
파일: fabfile.py 프로젝트: yantarou/orizuru
def tinc_stage3_routing():
    """Append tinc peering and docker-network routes for all other servers.

    Every server in ``metadata.servers`` other than ``env.host_string`` gets
    a ``ConnectTo`` line in ``/etc/tinc/<domain>/tinc.conf`` and a
    ``route add`` stanza in ``/etc/tinc/<domain>/tinc-up``. The gateway for
    each route is ``<vpn_base>.<idx[server]>``.

    Nothing checks whether a stanza is already present, so repeated runs
    accumulate duplicates. Metadata values land unescaped inside a shell
    script that tinc executes, so treat the metadata file as privileged input.
    """
    other_servers = [s for s in sorted(metadata.servers) if s != env.host_string]

    for server in other_servers:
        domain = metadata.config["domain"]

        cuisine.file_append("/etc/tinc/%s/tinc.conf" % domain, """
ConnectTo = %s
""" % server)

        # Network address and netmask both come from the peer's dockernet CIDR.
        dockernet = CIDR(metadata.servers[server]["dockernet"])
        network_address = dockernet[0]
        gateway_suffix = metadata.config["idx"][server]
        network_mask = dockernet.netmask

        cuisine.file_append("/etc/tinc/%s/tinc-up" % domain, """
#
# tinc routing configuration: forward packets for the docker network ips on server %s
#
VPN_BASE="%s"
NET="%s"
GW="${VPN_BASE}.%s"
NETMASK="%s"

if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (
            server,
            metadata.config["vpn_base"],
            network_address,
            gateway_suffix,
            network_mask,
        ))
예제 #3
def hosts_conf():
    """Set the remote hostname and append the rendered hosts template.

    Writes ``MACHINE['KEY']`` to ``/etc/hostname``, applies it with
    ``hostname -F``, then appends ``templates.hosts`` (rendered with
    ``MACHINE``) to ``/etc/hosts``.

    The append is unconditional, so each run adds the block again.
    """
    notify('Writing hostname and hosts files.')

    # Called bare rather than as a `with` block.
    # NOTE(review): this presumably leaves cuisine in sudo mode for later
    # tasks as well - confirm that is intended.
    cuisine.mode_sudo()

    # MACHINE['KEY'] is placed inside double quotes in a root shell command;
    # it must not contain quotes or `$`. TODO confirm it is validated upstream.
    write_hostname = 'echo "{NAME}" > /etc/hostname'.format(NAME=MACHINE['KEY'])
    sudo(write_hostname)
    sudo('hostname -F /etc/hostname')

    rendered_hosts = cuisine.text_template(templates.hosts, MACHINE)
    cuisine.file_append('/etc/hosts', rendered_hosts)
예제 #4
파일: fabfile.py 프로젝트: yantarou/orizuru
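def tinc_stage3_fip_routing():
    """Route the floating-IP (FIP) /24 towards a midonet gateway via tinc-up.

    Does nothing when ``metadata.roles`` has no ``midonet_gateway`` entry
    (physical gateways are used instead).

    * Host is not a gateway: the next hop is the VPN address
      ``<vpn_base>.<idx[server]>`` of a server in the gateway role.
    * Host is a gateway: the next hop is the IP of the local
      ``midonet_gateway`` container, and NAT rules for the FIP network are
      installed.

    If several candidates match, the last one iterated wins, as before.

    Raises:
        RuntimeError: no next hop could be determined. Previously this
            surfaced as an UnboundLocalError, and on gateway hosts only
            after the NAT rules had already been inserted.
    """
    #
    # do not run this code if you are working with physical midonet gateways for a demo
    #
    if "midonet_gateway" not in metadata.roles:
        return

    gateway_hosts = metadata.roles["midonet_gateway"]
    local_is_gateway = env.host_string in gateway_hosts
    fip_router_ip = None

    if not local_is_gateway:
        #
        # on all machines that do not host a midonet_gateway container: send the traffic to a machine hosting a midonet gw container
        #
        for server in metadata.servers:
            if server in gateway_hosts:
                fip_router_ip = "%s.%s" % (metadata.config["vpn_base"], metadata.config["idx"][server])
    else:
        #
        # on all machines that host a midonet gateway container: send the traffic to the midonet_gateway container on this box
        #
        for container in metadata.containers:
            spec = metadata.containers[container]
            if spec["server"] == env.host_string and spec["role"] == "midonet_gateway":
                fip_router_ip = spec["ip"]

    # Fail before touching the host, so a metadata mistake cannot leave NAT
    # rules in place without the matching route.
    if fip_router_ip is None:
        raise RuntimeError(
            "tinc_stage3_fip_routing: no midonet_gateway next hop found for %s"
            % env.host_string)

    if local_is_gateway:
        #
        # SNAT the fip network
        #
        # `-I` inserts at the head of POSTROUTING. The ACCEPT rules go in
        # after MASQUERADE and so sit above it: FIP traffic to RFC1918
        # destinations keeps its source address, everything else leaving
        # via the default-route interface is masqueraded.
        # The rules are inserted on every run and are not persisted here.
        # NOTE(review): DEFAULT_GW_IFACE assumes one default route and that
        # `ip route` prints nothing after the interface name - confirm.
        run("""
FIP_BASE="%s"

DEFAULT_GW_IFACE="$(ip route show | grep 'default via' | awk -Fdev '{print $2;}' | xargs -n1 echo)"

iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -j MASQUERADE

for RFC1918 in "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"; do
    iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -d "${RFC1918}" -j ACCEPT
done

""" % metadata.config["fip_base"])

    # Appended unconditionally: a second run adds the stanza again.
    cuisine.file_append("/etc/tinc/%s/tinc-up" % metadata.config["domain"], """

#
# route FIP traffic to this local container
#

NET="%s"
NETMASK="255.255.255.0"
GW="%s"

if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi

""" % (metadata.config["fip_base"], fip_router_ip))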
예제 #5
def hosts_conf():
    """Write /etc/hostname from MACHINE['KEY'] and extend /etc/hosts.

    The hosts block is rendered from ``templates.hosts`` with ``MACHINE`` and
    appended without checking for an existing copy, so repeated runs
    duplicate it.
    """
    notify('Writing hostname and hosts files.')

    # Bare call, not a `with` block.
    # NOTE(review): presumably switches cuisine to sudo mode for everything
    # that follows, including later tasks - confirm.
    cuisine.mode_sudo()

    # The hostname is interpolated into a root shell command inside double
    # quotes. TODO confirm MACHINE['KEY'] is restricted to hostname characters.
    hostname_commands = (
        'echo "{NAME}" > /etc/hostname'.format(NAME=MACHINE['KEY']),
        'hostname -F /etc/hostname',
    )
    for command in hostname_commands:
        sudo(command)

    cuisine.file_append(
        '/etc/hosts',
        cuisine.text_template(templates.hosts, MACHINE),
    )
예제 #6
파일: install.py 프로젝트: kjtanaka/teefaa
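    def _condition_centos_network(self):
        """Write an ifcfg-<iface> file under /mnt for each configured interface.

        Iterates ``self.interfaces['add']``. A ``bootp`` of ``'dhcp'`` writes
        a DHCP config; ``'static'`` writes address and netmask, then appends
        ``GATEWAY`` and ``DNS1`` lines when those optional keys are present.
        Any other ``bootp`` value is skipped silently.

        Only a missing optional key is tolerated. Failures of the remote
        write are no longer swallowed, as the bare ``except: pass`` around
        the gateway append used to do.
        """
        for iface in self.interfaces['add']:
            # iface comes from the config and becomes part of a path written
            # with sudo. TODO confirm it is limited to plain interface names.
            file_path = "/mnt/etc/sysconfig/network-scripts/ifcfg-" + iface
            bootp = self.interfaces['add'][iface]['bootp']
            if bootp == 'dhcp':
                text = text_strip_margin("""
                |#TEEFAA-BEGIN
                |# The contents below are automatically generated by Teefaa. Do not modify.
                |DEVICE="{iface}"
                |BOOTPROTO="dhcp"
                |NM_CONTROLLED="no"
                |ONBOOT="yes"
                |TYPE="Ethernet"
                |#TEEFAA-END
                |""".format(iface=iface))
                with mode_sudo():
                    file_write(file_path, text)
            elif bootp == 'static':
                address = self.interfaces['add'][iface]['address']
                netmask = self.interfaces['add'][iface]['netmask']
                text = text_strip_margin("""
                |# The contents below are automatically generated by Teefaa. Do not modify.
                |NM_CONTROLLED=no
                |BOOTPROTO=none
                |ONBOOT=yes
                |IPADDR={addr}
                |NETMASK={mask}
                |DEVICE={iface}
                |PEERDNS=no
                |""".format(iface=iface,
                    addr=address, mask=netmask))
                with mode_sudo():
                    file_write(file_path, text)

                # Optional keys: look them up first, write outside the try so
                # that write errors propagate.
                try:
                    gateway = self.interfaces['add'][iface]['gateway']
                except KeyError:
                    gateway = None
                if gateway:
                    text = "GATEWAY={g}\n".format(g=gateway)
                    with mode_sudo():
                        file_append(file_path, text)

                try:
                    dnsserver = self.interfaces['add'][iface]['dnsserver']
                except KeyError:
                    dnsserver = None
                if dnsserver:
                    text = "DNS1={d}\n".format(d=dnsserver)
                    with mode_sudo():
                        file_append(file_path, text)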
예제 #7
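def initialize():
    """Log in to the server as root and create the initial user/group.

    Ensures ``env.remote_group`` and ``env.remote_user`` exist, adds the user
    to the group, authorizes the operator's local ``~/.ssh/id_rsa.pub`` for
    that user when the file exists, and grants the user passwordless sudo.
    """
    # The login name is masked in this listing; the docstring implies root.
    env.user = '******'
    mode_user()
    group_ensure(env.remote_group)
    user_ensure(env.remote_user, shell='/bin/bash')
    group_user_ensure(env.remote_user, env.remote_group)

    # copy local public key to user's authorized_keys for convenience
    # os.path.exists() and open() do not expand "~"; without expanduser the
    # check is False and the key is never installed.
    pubkey_path = os.path.expanduser('~/.ssh/id_rsa.pub')
    if os.path.exists(pubkey_path):
        with open(pubkey_path, 'rb') as pubkey_file:
            ssh_authorize(env.remote_user, pubkey_file.read())

    # Grants unrestricted passwordless sudo. The line is appended straight to
    # /etc/sudoers on every run, with no syntax check and no duplicate check.
    # NOTE(review): a malformed sudoers file disables sudo; consider a
    # validated drop-in file instead.
    file_append("/etc/sudoers", "%(remote_user)s   ALL=(ALL) NOPASSWD:ALL\n" % env)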
예제 #8
파일: fabfile.py 프로젝트: lrks/setting
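def ssh_pam_config():
	"""Enable pam_access for sshd and upload the access.conf that drives it.

	Appends an ``account required pam_access.so`` rule to ``/etc/pam.d/sshd``
	unless the file already mentions ``pam_access.so``. Prints a warning when
	``sshd_config`` does not contain ``UsePAM yes``, then uploads
	``/etc/security/access.conf``.

	Both checks are plain substring matches, so a commented-out line also
	counts as present.
	"""
	puts(green('Setup PAM for SSHD'))

	# setting PAM
	pam_ssh = '/etc/pam.d/sshd'
	if 'pam_access.so' not in cuisine.file_read(pam_ssh):
		# Newlines on both sides keep the rule on a line of its own even if
		# the file lacks a final newline or something is appended later.
		cuisine.file_append(pam_ssh, '\naccount required pam_access.so\n')

	# check SSHD config
	# Without UsePAM the account rule above is not consulted by sshd.
	if 'UsePAM yes' not in cuisine.file_read('/etc/ssh/sshd_config'):
		puts(yellow('\'UsePAM no\' in sshd_config '))

	# Upload
	# NOTE(review): the '%s' is presumably filled in by download_and_upload
	# (per host?) - confirm. A wrong access.conf can block SSH logins, so
	# keep an existing session open while verifying.
	download_and_upload('ssh/%s-access.conf', '/etc/security/access.conf')

	puts(green('Success'))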
예제 #9
파일: install.py 프로젝트: kjtanaka/teefaa
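    def _append_data_dir_fstab(self, file_path, device, data_num):
        """Append the fstab entry for the data partition to ``file_path``.

        Reads ``format`` and ``dir`` from ``self.disk_config['data']``. xfs
        and ext3/ext4 get a mount line for ``<device><data_num>``; any other
        format gets a comment line instead. When the data section or one of
        its keys is missing, nothing is written.

        Only the missing-config case is tolerated. Errors from the remote
        append propagate instead of being hidden by a bare ``except: pass``.
        """
        try:
            data_config = self.disk_config['data']
            data_format = data_config['format']
            data_dir = data_config['dir']
        except (KeyError, TypeError):
            # No usable data-partition config: keep the best-effort no-op.
            return

        # device, data_num and data_dir go into fstab verbatim.
        # TODO confirm they cannot contain whitespace or newlines.
        if data_format == 'xfs':
            line = "{dev}{num}  {d}  xfs  defaults,noatime  0 0".format(
                    dev=device, num=data_num, d=data_dir)
        elif data_format in ['ext3', 'ext4']:
            line = "{dev}{num}  {d}  {f}  defaults  0 0".format(
                    dev=device, num=data_num, d=data_dir, f=data_format)
        else:
            line = "#Data partition is not mounted by Teefaa."

        with mode_sudo():
            file_append(file_path, line + '\n')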
예제 #10
파일: install.py 프로젝트: cloudmesh/teefaa
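    def _condition_ubuntu_network(self):
        """Generate /mnt/etc/network/interfaces from ``self.interfaces['add']``.

        Rewrites the file with the loopback stanza, then appends one stanza
        per interface: ``dhcp``, or ``static`` with address and netmask plus
        optional ``gateway`` and ``dns-nameservers`` lines.

        Raises:
            TypeError: an interface has a ``bootp`` value other than
                ``'dhcp'`` or ``'static'``.
        """
        text = text_strip_margin("""
        |# This file describes the network interfaces available on your system
        |# and how to activate them. For more information, see interfaces(5).
        |
        |# The loopback network interface
        |auto lo
        |iface lo inet loopback
        |""")
        file_path = "/mnt/etc/network/interfaces"
        with mode_sudo():
            file_write(file_path, text)

        for iface in self.interfaces['add']:
            bootp = self.interfaces['add'][iface]['bootp']
            if bootp == 'dhcp':
                text = text_strip_margin("""
                |# {iface}
                |auto {iface}
                |iface {iface} inet dhcp
                |""".format(iface=iface))
                with mode_sudo():
                    file_append(file_path, text)
            elif bootp == 'static':
                address = self.interfaces['add'][iface]['address']
                netmask = self.interfaces['add'][iface]['netmask']
                text = text_strip_margin("""
                |# {iface}
                |auto {iface}
                |iface {iface} inet static
                |  address {addr}
                |  netmask {mask}
                |""".format(iface=iface,
                    addr=address, mask=netmask))
                with mode_sudo():
                    file_append(file_path, text)

                # Optional keys: only a missing key means "not configured".
                # A bare except here would also catch SystemExit and
                # KeyboardInterrupt.
                try:
                    gateway = self.interfaces['add'][iface]['gateway']
                except KeyError:
                    gateway = None
                if gateway:
                    text = "  gateway {g}\n".format(g=gateway)
                    with mode_sudo():
                        file_append(file_path, text)

                try:
                    dnsserver = self.interfaces['add'][iface]['dnsserver']
                except KeyError:
                    dnsserver = None
                if dnsserver:
                    text = "  dns-nameservers {d}\n".format(d=dnsserver)
                    with mode_sudo():
                        file_append(file_path, text)
            else:
                # NOTE(review): the message names the interface, not the
                # rejected bootp value - confirm that is intended.
                raise TypeError("network_config: {0} is not supported.\n".format(iface))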
예제 #11
파일: fabfile.py 프로젝트: lrks/setting
def upgrade_agent():
	"""Upgrade the cloudstack-agent package and restart the agent.

	After the yum upgrade, ensures ``environment.properties`` contains the
	``paths.script`` setting (substring check, appended if absent), then
	stops the agent, kills any leftover ``jsvc`` processes and starts the
	agent again.
	"""
	puts(green('Upgrade Agent'))

	# Prepare
	upgrade_common()

	# Upgrade
	proxy(sudo, 'yum upgrade cloudstack-agent -y')

	# Verify
	properties_path = '/etc/cloudstack/agent/environment.properties'
	script_setting = 'paths.script=/usr/share/cloudstack-common'
	already_set = script_setting in cuisine.file_read(properties_path)
	if not already_set:
		cuisine.file_append(properties_path, '\n%s\n' % script_setting)

	# Restart
	cuisine.upstart_stop('cloudstack-agent')
	# warn_only: killall exits non-zero when no jsvc process is left.
	sudo('killall jsvc', warn_only=True)
	cuisine.upstart_ensure('cloudstack-agent')

	puts(green('Success'))
예제 #12
파일: fabfile.py 프로젝트: lrks/setting
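def management():
	"""Install and initialise a CloudStack management server.

	Steps: install the package, read DB credentials from
	``config/management/db.ini``, run ``cloudstack-setup-databases``, relax
	``requiretty`` for the ``cloud`` user, run ``cloudstack-setup-management``,
	enable the NFS client services, then mount the primary and secondary NFS
	exports, empty them, seed the system VM template and unmount again.

	A missing section or option in either ini file aborts with a message that
	names the file. ``config.get()`` raises rather than returning ``None``, so
	the former ``None in [...]`` checks could never fire.
	"""
	puts(green('Setup Management Server'))

	# Install
	install_package('cloudstack-management')

	# Load File
	config = ConfigParser.SafeConfigParser()
	config.read(config_read_path('./config/management/db.ini'))

	try:
		user = config.get('cloud', 'user')
		password = config.get('cloud', 'password')
		deploy_user = config.get('deploy', 'user')
		deploy_password = config.get('deploy', 'password')
		server = config.get('deploy', 'server')
	except ConfigParser.Error:
		abort('Check config/management/db.ini')

	# Initialize
	# NOTE(review): both passwords are passed on the command line, so they
	# can show up in Fabric's output and the remote process list. They are
	# only double-quoted, so shell metacharacters in a password are not safe.
	run('cloudstack-setup-databases "%s:%s@%s" "--deploy-as=%s:%s"' % (user, password, server, deploy_user, deploy_password))

	# Appended directly to /etc/sudoers, with no syntax check.
	sudoers_line = 'Defaults:cloud !requiretty'
	if '\n' + sudoers_line not in cuisine.file_read('/etc/sudoers'):
		cuisine.file_append('/etc/sudoers', '\n' + sudoers_line + '\n')

	run('cloudstack-setup-management')
	sudo('chkconfig cloudstack-management on')
	sudo('chown cloud:cloud /var/log/cloudstack/management/catalina.out')

	# NFS Client
	for service in [ 'rpcbind', 'nfs' ]:
		cuisine.upstart_ensure(service)
		sudo('chkconfig %s on' % service)

	# Setting Storage
	cuisine.dir_ensure('/mnt/primary', recursive=True)
	cuisine.dir_ensure('/mnt/secondary', recursive=True)

	# Read into the same parser, so the db.ini sections stay loaded.
	config.read(config_read_path('./config/management/nfs.ini'))
	try:
		nfs_primary_path = config.get('primary', 'path')
		nfs_primary_ip = config.get('primary', 'ipaddr')
		nfs_secondary_path = config.get('secondary', 'path')
		nfs_secondary_ip = config.get('secondary', 'ipaddr')
	except ConfigParser.Error:
		abort('Check config/management/nfs.ini')

	sudo('mount -t nfs %s:%s /mnt/primary' % (nfs_primary_ip, nfs_primary_path))
	sleep(5)
	sudo('mount -t nfs %s:%s /mnt/secondary' % (nfs_secondary_ip, nfs_secondary_path))
	sleep(5)

	# Destructive: empties both exports.
	# NOTE(review): this relies on the mounts above having succeeded;
	# presumably Fabric aborts on a failed sudo() - confirm warn_only is off.
	sudo('rm -rf /mnt/primary/*')
	sudo('rm -rf /mnt/secondary/*')

	# NOTE(review): the template is fetched over plain http and no checksum
	# is checked here; consider verifying the image before it is installed.
	proxy(sudo, '/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://d21ifhcun6b1t2.cloudfront.net/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -F')
	sudo('sync')

	for mount_point in [ '/mnt/primary', '/mnt/secondary' ]:
		sudo('umount %s' % mount_point)
		sudo('rmdir %s' % mount_point)

	puts(green('Success'))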
예제 #13
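def tinc_stage3_fip_routing():
    """Append a tinc-up route that sends the FIP /24 to a midonet gateway.

    Returns immediately when ``metadata.roles`` has no ``midonet_gateway``
    entry. On hosts outside that role the gateway is the VPN address of a
    gateway server. On hosts in the role it is the local ``midonet_gateway``
    container's IP, and source-NAT rules for the FIP network are installed.

    Where more than one candidate matches, the last one iterated is used,
    as in the original loops.

    Raises:
        RuntimeError: no gateway address was found. This replaces an
            UnboundLocalError, and is raised before any NAT rule is added.
    """
    #
    # do not run this code if you are working with physical midonet gateways for a demo
    #
    if "midonet_gateway" not in metadata.roles:
        return

    fip_router_ip = None
    hosts_gateway = env.host_string in metadata.roles["midonet_gateway"]

    #
    # on all machines that do not host a midonet_gateway container: send the traffic to a machine hosting a midonet gw container
    #
    if not hosts_gateway:
        for server in metadata.servers:
            if server in metadata.roles["midonet_gateway"]:
                fip_router_ip = "%s.%s" % (metadata.config["vpn_base"],
                                           metadata.config["idx"][server])

    #
    # on all machines that host a midonet gateway container: send the traffic to the midonet_gateway container on this box
    #
    else:
        for container in metadata.containers:
            if metadata.containers[container]["server"] == env.host_string:
                if metadata.containers[container]["role"] == "midonet_gateway":
                    fip_router_ip = metadata.containers[container]["ip"]

    # Stop before changing the host when the metadata yields no next hop.
    if fip_router_ip is None:
        raise RuntimeError(
            "tinc_stage3_fip_routing: no midonet_gateway next hop found for %s"
            % env.host_string)

    if hosts_gateway:
        #
        # SNAT the fip network
        #
        # Each `-I` puts its rule at the top of POSTROUTING, so the three
        # ACCEPT rules end up above MASQUERADE and exempt RFC1918
        # destinations from it. Re-running the task inserts all four rules
        # again; nothing here saves them across a reboot.
        # NOTE(review): the interface lookup assumes a single default route
        # with no fields after the device name - confirm on target hosts.
        run("""
FIP_BASE="%s"

DEFAULT_GW_IFACE="$(ip route show | grep 'default via' | awk -Fdev '{print $2;}' | xargs -n1 echo)"

iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -j MASQUERADE

for RFC1918 in "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"; do
    iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -d "${RFC1918}" -j ACCEPT
done

""" % metadata.config["fip_base"])

    # Unconditional append: repeated runs duplicate the stanza.
    cuisine.file_append(
        "/etc/tinc/%s/tinc-up" % metadata.config["domain"], """

#
# route FIP traffic to this local container
#

NET="%s"
NETMASK="255.255.255.0"
GW="%s"

if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi

""" % (metadata.config["fip_base"], fip_router_ip))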
예제 #14
def profile_conf():
    """Append the rendered profile template to the owner's profile file.

    Renders ``templates.profile`` with ``MACHINE``, appends the result to
    ``MACHINE['OWNER_PROFILE']`` and then sources that file once.

    The append is unconditional, so every run adds the block again.
    """
    notify('Configuring .profile settings.')

    rendered_profile = cuisine.text_template(templates.profile, MACHINE)
    profile_path = MACHINE['OWNER_PROFILE']
    cuisine.file_append(profile_path, rendered_profile)

    # Each Fabric run() starts its own shell, so this does not change the
    # environment of later commands; it only shows whether the file sources
    # without error. The path is concatenated into the command unquoted.
    source_command = 'source ' + profile_path
    run(source_command)
예제 #15
def profile_conf():
    """Extend the owner's shell profile from ``templates.profile``.

    The template is rendered with ``MACHINE`` and appended to the file named
    by ``MACHINE['OWNER_PROFILE']``, which is then sourced. Nothing checks
    for an earlier copy of the block, so repeated runs duplicate it.
    """
    notify('Configuring .profile settings.')

    cuisine.file_append(
        MACHINE['OWNER_PROFILE'],
        cuisine.text_template(templates.profile, MACHINE),
    )

    # The sourced environment ends with this command's shell. The profile
    # path is used unquoted.
    # TODO confirm it contains no spaces or shell metacharacters.
    run('source %s' % MACHINE['OWNER_PROFILE'])